Safe Browsing 101: What is a Drive-by-Download Attack?

Drive-by-download attacks sound like the made-up ranting of a conspiracy theorist. Is it really possible for your computer to become malware infected simply from visiting a legitimate website that has been hacked?

Drive-by-Download Attacks: The Scary Truth

What is a drive-by-download attack? In short, attackers embed malware—anything from malicious redirects to infected code—into a legitimate website and then wait for passersby. Visitors to the site don’t need to download or even click on anything on the site to get infected. The malware simply uses an exploit kit to scan your system for a security vulnerability and then exploits it—all without your knowledge. The goal is the same as with any malware: to run malicious code on your computer, steal financial and personal information, or both.

Are You Putting Your Company at Risk?

Drive-by-download attack exploit kits have to find a vulnerability on the system—and outdated programs are often to blame. Companies must make sure operating systems, plugins, browsers, mobile applications, and desktop programs are continually updated. IT departments need to know what people are running on their systems and eliminate unused and outdated software.

How Safe Are Your Systems?

One way to avoid falling victim to a drive-by-download attack is through penetration testing. By leveraging internal resources or hiring a trusted and experienced third-party security firm, your organization can find out where your vulnerabilities lie—before an attacker discovers them. Penetration testing uses real-world hacking techniques to reveal weaknesses, identify critical vulnerabilities, and quantify your company’s level of risk. With this data in hand, you can take actionable steps to shore-up your security posture.

Proactive Security

Don’t take security for granted—even if your staff is trained not to download programs or click on unknown links, your systems are not safe. Proactively assessing your vulnerabilities enables you to take control of your security and ensure you don’t fall victim to drive-by-download attacks.